Fix error handling for invalid TLS 1.3 status_request extensions

We forgot to push an error to the error queue, which led to a confusing
SSL_ERROR_SYSCALL output from the TLS APIs.

Bug: 454485898
Change-Id: I69fbce267834cafece83a92e4ea735a69b76dbe0
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/83187
Reviewed-by: Lily Chen <chlily@google.com>
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/ssl/test/runner/extension_tests.go b/ssl/test/runner/extension_tests.go
index 933da21..da5d3c2 100644
--- a/ssl/test/runner/extension_tests.go
+++ b/ssl/test/runner/extension_tests.go
@@ -1864,6 +1864,22 @@
 				shimCertificate: rsaCertificate.WithOCSP(testOCSPResponse).WithSCTList(testSCTList),
 			})
 
+			// The client should reject empty OCSP responses from the server. A server
+			// with no OCSP response should not send the status_request extension.
+			testCases = append(testCases, testCase{
+				protocol: protocol,
+				testType: clientTest,
+				name:     "RejectEmptyOCSPResponse-" + suffix,
+				config: Config{
+					MaxVersion: ver.version,
+					Credential: rsaCertificate.WithOCSP([]byte{}),
+				},
+				flags:              []string{"-enable-ocsp-stapling"},
+				shouldFail:         true,
+				expectedError:      ":DECODE_ERROR:",
+				expectedLocalError: "remote error: error decoding message",
+			})
+
 			// Extension permutation should interact correctly with other extensions,
 			// HelloVerifyRequest, HelloRetryRequest, and ECH. SSLTest.PermuteExtensions
 			// in ssl_test.cc tests that the extensions are actually permuted. This
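Review bot: The `RejectEmptyOCSPResponse-` case depends on `WithOCSP([]byte{})` producing a non-nil, zero-length staple, but the comment above it does not say so. The handshake_server.go hunk in this commit is what makes that work, by switching the server check from `len(hs.cert.OCSPStaple) > 0` to `hs.cert.OCSPStaple != nil`. Go code rarely treats nil and empty slices differently, so a later cleanup could revert either side without noticing. I would add to the test comment `// []byte{} is deliberately non-nil: the runner then sends an empty OCSP response, whereas nil omits it.` and put a matching one-line comment on the `!= nil` check in handshake_server.go. The enclosing loop that supplies `protocol`, `ver` and `suffix` starts outside this hunk, so I cannot tell from here which versions the case runs for.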
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index d9a710b..4e6ae98 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -1910,7 +1910,7 @@
 	c := hs.c
 
 	isPSK := hs.suite.flags&suitePSK != 0
-	if !isPSK && hs.clientHello.ocspStapling && len(hs.cert.OCSPStaple) > 0 && !c.config.Bugs.NoOCSPStapling {
+	if !isPSK && hs.clientHello.ocspStapling && hs.cert.OCSPStaple != nil && !c.config.Bugs.NoOCSPStapling {
 		hs.hello.extensions.ocspStapling = true
 	}
 
diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index f41b086..257e4c9 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc
@@ -256,6 +256,7 @@
           status_type != TLSEXT_STATUSTYPE_ocsp ||
           !CBS_get_u24_length_prefixed(&status_request.data, &ocsp_response) ||
           CBS_len(&ocsp_response) == 0 || CBS_len(&status_request.data) != 0) {
+        OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
         ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
         return false;
       }
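Review bot: The added `OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR)` is reached from several failure conditions, but the new runner test exercises only `CBS_len(&ocsp_response) == 0`. The wrong `status_type`, failed length-prefix read and trailing-data (`CBS_len(&status_request.data) != 0`) branches are not covered by anything visible in this commit. An alert sent with an empty error queue surfaces as SSL_ERROR_SYSCALL, which callers and logs can mistake for a transport failure, so a short why-comment would help keep the line in place, e.g. `// Queue an error so callers see DECODE_ERROR rather than a bare SSL_ERROR_SYSCALL.` It may also be worth checking the other alert-then-`return false` paths in this function for the same omission. The condition and the function both begin outside the hunk, so that last point is unverified.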